Nigh-undetectable ATM skimmer

If the previous ATM skimmer posts didn't scare the pants off you, this one from San Fernando Valley, which Brian Krebs reports on, might. It has a near-undetectable pinhole camera for recording timestamped footage of your PIN entry, and apart from that indicator, the only way to spot it is to yank hard on the front of the ATM before you start using it.

A few tips about ATM skimmers and skimming scams. It’s difficult — once you’re aware of how sophisticated some of these skimmers can be — to avoid being paranoid around ATMs; friends and family often tease me for stopping to tug at ATMs that I pass on the street, even when I have no intention of withdrawing money from the machines.

Still, it’s good and healthy to be somewhat paranoid while at an ATM. Make sure nobody is “shoulder surfing” you to watch you enter your PIN. A simple precaution defeats shoulder surfing and many other types of video-based PIN-stealing mechanisms: Cover the PIN pad with your hand or another object when you enter your PIN.

28 Responses to “Nigh-undetectable ATM skimmer”

In the UK (And I think most of Europe) ATMs first try to read the chip – then the magnetic strip. I’m thinking that these skimmers currently cannot read the chip as this is not something that can be done in a ‘skim’. So – a possible workaround here is to get a strong magnet out and erase the mag-strip. This may cause problems if you travel abroad, but if it is just for cash withdrawal it should be OK.

The magnetic strip only holds the card number. So erasing this means that some poor teller is going to have to type your card number in. What the camera does is it videos the card as it goes in so grabbing the numbers. And it sees the keyboard so it gets your PIN. The camera is no big deal. It is a cheap spy camera with a big battery so that it lasts longer. The thing that might look like a card stripe reader is only an optical switch. It senses when there is a card inserted and starts recording. The clever bit is the professional looking plastic panel.

Doesn’t look like it, from the position of the camera it would be edge on to the card, so would never be able to capture the numbers. Also this “optical sensor” is exactly where the magnetic strip on the card happens to be…

In Australia in an effort to reduce skimming a few ATMs were set up to pull the card in halfway, push it back out a bit, then draw it in the rest of the way. Presumably the software in the ATMs knew when it was getting pushed out and didn’t scan, then resumed scanning once it came back as far as it had been pushed out.

Skimmer manufacturers either caught on to this pretty fast and worked out to do the same thing or it caused problems with a fair few cards because I didn’t see ATMs doing this for long.

Now a lot of the ATMs in Australia come with odd shaped plastic bits that light up, etc. where you stick your card in. Presumably to make attaching a skimmer difficult. I just make sure to cover my hand whenever I put my PIN in, ATM, Eftpos, wherever.

“So erasing this means that some poor teller is going to have to type your card number in”
When are they ever going to do that? All the information is held on the chip, unless you go to some godforsaken country that hasn’t got the hang of chip’n’pin.

And what good are the numbers on the card without the real deal from the mag stripe? You could confuse a skimmer with a quick go with a sander/paint/tape. Everyone would have caught onto that pretty quick.

I have worked on cards with magnetic stripes. The only data on the magnetic stripe is what you see embossed on the card. And which godforsaken country hasn’t got Chip and PIN? USA for one. There are enough targets there to keep any skimming crook busy for a long time.

I’m guessing whoever could come up with such a well made device could easily foil the “I’ll pull on it to see if it’s real” test. A little VHB tape for example would easily foil that. The skimmer could be disposable, or require a tool to remove.

“friends and family often tease me for stopping to tug at ATMs that I pass on the street, even when I have no intention of withdrawing money from the machines.”

I’m so happy I’m not the only one who does this! Despite knowing it’s possible I’m not entirely sure what I would do if a skimmer came away in my hand. Call the police? Hide from potentially nearby Eastern European gangsters? Bother? We should start a support network for similarly afflicted people.